What's New

Management of host upgrade releases – Update Manager now provides management of host upgrade packages. You can import host upgrade packages, view the upgrade release information, as well as create and view host upgrade baselines for a particular upgrade release. In addition, you can delete host upgrade releases that are no longer needed.

Provisioning, patching, and upgrade support for third-party modules – Update Manager can now provision, patch, and upgrade third-party modules that you can install on ESX, such as EMC's PowerPath/VE multi-pathing software. Using the capabilities of Update Manager to set policies by using the Extension Baseline construct, and the comprehensive Compliance dashboard, you can now simplify provisioning, patching, and upgrade of third-party modules at scale.

Offline bundles – Update Manager now supports the import of offline bundles. Offline bundles are ZIP files that can contain VMware and third-party patches. You download these patches from the Internet or copy them from a media drive, and then save them as offline bundle ZIP files on a local drive. You can import the patches to the Update Manager patch repository later.

Support for handling recalled patches in Update Manager – Update Manager 4.1 immediately sends critical notifications about recalled ESX/ESXi and related patches. Currently only patches for ESX/ESXi hosts of version 4.0 and later can be recalled. In addition, Update Manager prevents you from installing a recalled patch that you might have already downloaded. This feature also helps you identify hosts where recalled patches might already be installed. Furthermore, Update Manager informs you when the solution patches are available and provides information on how to resolve the issues caused by the recalled patches.

Enhanced cluster operations – Update Manager now gives you the ability to configure cluster settings such as VMware Distributed Power Management, VMware High Availability admission control, and VMware Fault Tolerance to ensure that cluster-level operations, such as scanning, staging, and remediation complete successfully. Furthermore, you can run pre-remediation checks and obtain reports to detect conditions such as these and others that can prevent a host from entering maintenance mode during remediation.

Improved reliability of operations on hosts in low-bandwidth, high-latency or lossy network – Update Manager 4.1 performs operations on hosts in a slow network or WAN environment more reliably. In earlier Update Manager releases, if host operations took more than two hours to complete, the tasks might timeout and fail. See Update Manager host tasks might fail in slow networks (KB 1021050) for more information about the problem. In Update Manager 4.1, such tasks complete successfully.

Improvements in how Update Manager handles hosts with virtual machines on which Update Manager or vCenter Server is installed – In previous releases of Update Manager, remediation of hosts running a virtual machine with Update Manager or vCenter Server was unsuccessful. Update Manager either failed the remediation or skipped the host. In Update Manager 4.1 when you patch hosts in a DRS enabled cluster, if a virtual machine with Update Manager or vCenter Server is running on a host in that cluster, the patch remediation completes successfully.

vCenter Update Manager PowerCLI – You can now download and install vCenter Update Manager PowerCLI. vCenter Update Manager PowerCLI is a command-line and scripting tool built on Windows PowerShell, and provides a set of cmdlets for managing and automating the Update Manager server. You can download a standalone installer for vCenter Update Manager PowerCLI which you can download from the vCenter Update Manager PowerCLI Communities Web site.

Update Manager 4.1 Feature and Support Notice

Update Manager 4.1 and its subsequent update releases are the last releases of the product to support scanning and remediation of patches for Windows and Linux guest operating systems and applications running inside a virtual machine. (A list of such operating systems and applications is available in the section Scanning and Remediation of Virtual Machines and Applications.) This capability will be discontinued in the next major release. If you use this capability today, you should start planning your transition.

While the above capability will be discontinued in the future, the ability to perform virtual machine operations such as upgrade of VMware Tools and virtual machine hardware will continue to be supported and enhanced.

Hardware Requirements and Sizing Estimator

Hardware Requirements

If the database is installed on the same machine as Update Manager, requirements for memory size and processor speed are higher. The minimum requirements to ensure acceptable performance are as follows:

Processor: Intel or AMD x86 processor with two or more logical cores, each with a speed of 2GHz

Network: 10/100 Mbps For best performance, use a Gigabit connection between Update Manager and ESX hosts.

Memory:

2GB RAM if Update Manager and the vCenter Server are on different machines

4GB RAM if Update Manager and the vCenter Server are on the same machine

Sizing Estimator

For more information about the disk storage requirements, see the VMware vCenter Update Manager Sizing Estimator. The sizing estimator calculates the size of the Update Manager 4.1 database and patch store. The estimate is calculated from the information that you enter about your deployment, such as the number of the hosts and virtual machines. The sizing estimator also provides recommendations for the Update Manager database and server deployment models.

Installation Notes

This section includes information about the installation of Update Manager and Update Manager Download Service, an optional module of Update Manager.

Update Manager

Before you install Update Manager, you must install vCenter Server. Installation of Update Manager requires network connectivity with an existing vCenter Server system. Each installation of Update Manager must be associated with a single vCenter Server instance.

The Update Manager module consists of a client component that is a plug-in interface to a VMware vSphere Client instance, and a server component that can be installed on the same system as vCenter Server or on a different system.

The Update Manager 4.1 server can be installed only on 64-bit Windows operating systems, and the Update Manager 4.1 Client can be installed on both 32-bit and 64-bit operating systems.

Update Manager Download Service

vCenter Update Manager Download Service (UMDS) is an optional module of Update Manager that you can use to download patch definitions and patches. Install UMDS in case your deployment system is secured and the machine on which Update Manager is installed has no access to the Internet.

UMDS 4.1 can be installed on both 32-bit and 64-bit Windows operating systems.

Upgrade Notes

This release allows upgrades from all previous Update Manager versions. Update Manager 4.1 can be installed only on 64-bit machines. If your earlier version of Update Manager is installed on a 32-bit machine, you must migrate your data from the 32-bit machine to the 64-bit machine on which you are installing Update Manager 4.1. To do this, you can use the data migration tool. For more information about migrating your Update Manager configuration and database, see the VMware vCenter Update Manager Installation and Administration Guide.

Before you upgrade Update Manager from an earlier version, you must upgrade vCenter Server and the vSphere Client to a compatible version. Update Manager 4.1 is compatible only with vCenter Server 4.1 and vSphere Client 4.1. For more information about compatibility between Update Manager, vCenter Server, and vSphere Client, see the vSphere Compatibility Matrixes.

The VMware Product Interoperability Matrix provides details about the compatibility of current and earlier versions of vSphere Update Manager with other VMware vSphere components, including ESX/ESXi, VMware vCenter Server, and the vSphere Client. In addition, this site also provides information about supported management and backup agents before installing ESXi or vCenter Server.

Interoperability and Supported Operating Systems

ESX/ESXi Hosts Scanning and Remediation

Host Patching

ESX 3.0.3 or later

ESX 3i or later

Host Upgrade

ESX 3.5 or later

ESX 3i or later

Note: You cannot upgrade ESX 3.0.x hosts directly to ESX 4.1. To upgrade ESX hosts that are running ESX 3.0.x to ESX 4.1, you must first upgrade them to ESX 4.0 or ESX 4.0.x and then upgrade to ESX 4.1.

Resolved Issues

Host tasks such as scanning, staging, or remediation might fail or remain in progress in a high latency network
Because of a high latency between the vCenter Server system, Update Manager server, and the managed hosts, host remediation, scanning, or staging of patches might fail or remain in progress for a long time. When remediated, the host fails to exit maintenance mode if one of the patch installations times out. Host upgrades might also time out in a slow network.
This issue is fixed in this release and host operations in slow networks complete successfully.

Update Manager does not support a re-import of a host upgrade file
Update Manager does not support the re-import of host upgrade files (ISO for ESX hosts and ZIP for ESXi hosts) if an already imported file gets corrupted or manually deleted from the Update Manager patch store. Importing upgrade files for a particular release is a one-time activity. After you upload the upgrade files, you must use the existing release upgrades available in Update Manager to create a new host upgrade baseline.
This issue is fixed in this release.

VMware Tools upgrade might fail with a generic error message VMware Tools upgrade on a virtual machine in which the VMware Tools service is not running might fail with the VMware Tools upgrade failed for <virtual_machine_name> generic error message.
This issue is fixed in this release and the message now states that VMware Tools is not running in the virtual machine.

Compliance view does not load if a user does not have sufficient Update Manager privileges If you do not have sufficient credentials to view compliance details for vSphere objects, the View Compliance screen remains blank and displays a Loading message.
This issue is fixed in this release.

In the remediation wizard, the status of vSphere inventory objects is always shown as Non-Compliant In the Update Manager Client Compliance view, different icons represent the compliance states of baselines against vSphere objects. When you start a remediation operation for a vSphere object, you see a misleading status icon beside the patch number or upgrade name. The misleading icon represents a white X in a red circle, and coincides with the icon signifying non-compliant status.
This issue is fixed in this release.

VMware Tools upgrade remediation might fail with a misleading event error message When you try to upgrade VMware Tools on a virtual machine with no installed VMware Tools, the remediation fails with a misleading error message: VMware vCenter Update Manager had an unknown failure. Check Tasks and Events tab and logs for more details. Update Manager does not support VMware Tools upgrade for virtual machines on which VMware Tools is not installed.
This issue is fixed in this release and the message now states that VMware Tools is not installed or is not managed by the VMware vSphere platform.

During Update Manager installation a wrong warning message might appear During the Update Manager installation, you might be incorrectly warned that the patch download location you specify has insufficient free space. This issue might occur when you select a path to a drive with free space more than 20GB and create a new folder on that drive. The minimum recommended amount of free space for the patch store location is 20GB. More space might be necessary, depending on your deployment system.
This issue is fixed in this release. The message appears only when your system has less than 20GB free space.

The Update Manager Compliance view uses generic icons to represent vSphere inventory objectsIn the Update Manager Compliance view, you cannot distinguish between the states of vSphere objects solely by the icons used to represent them. The Compliance view uses the same icons for all states of hosts, virtual machines, or virtual appliances. This issue is fixed in this release.

During creation of dynamic baselines, new patch vendors from newly added custom patch sources might not be included in the vendor list Downloading patches from a newly added custom patch source to Update Manager might introduce a new patch vendor. The new vendor might not be included in the list of vendors presented in the New Baseline wizard. In such a scenario, you might not be able to set up a dynamic baseline with search criteria that involve the new patch vendor name.
This issue is fixed in this release.

In the German localized version of Update Manager, "Staging" and "Stage" are mistranslated into "Einstufungsvorgang" and "Einstufen" In numerous places, "stage" has been mistranslated. The correct translation for the verb "to stage" in the context of Update Manager is "bereitstellen."
This issue is fixed in this release.

Installing and Upgrading

Configuration settings might be lost when you upgrade Update Manager Download Service from version 4.0 to version 4.1During the upgrade of UMDS 4.0 to UMDS 4.1, the settings that you have configured for UMDS 4.0 might be lost.
Workaround: The best practice is to upgrade UMDS from version 4.0 to version 4.1 and then re-configure the UMDS settings. To preserve your UMDS configuration settings, you can also do the following:

Back up the downloadConfig.xml file before the upgrade.

The default location in 32-bit Windows is C:\Program Files\VMware\Infrastructure\Update Manager.

Upgrade of Update Manager Download Service might fail if you have never run vmware-umds.exeIf you have never run UMDS (if you have never run vmware-umds.exe), the upgrade of UMDS to version 4.1 might fail with an installer error E25095. Please uninstall the existing VMware vCenter Update Manager Download Service since this version is not compatible with the newer version. Existing patchstore location cannot be used with the new version.Workaround: To upgrade UMDS to version 4.1, make sure that you run UMDS at least once before starting the upgrade.

Upgrade of Update Manager 1.0 Update 2 and the subsequent 1.0 update releases to Update Manager 4.1 might fail If your environment contains any virtual appliances, and you want to upgrade Update Manager from version 1.0 Update 2 or later to version 4.1, the upgrade might fail. The installer cannot upgrade the database of Update Manager 1.0 Update 2 or later to the 4.1 version. This issue does not apply to upgrades from Update Manager 4.0.x to Update Manager 4.1.Workaround: Perform a fresh install of Update Manager 4.1.

You might not be able to enable the Update Manager plug-in on the vSphere Client If the Update Manager database is located on a separate machine and the system DSN uses Windows authentication, you cannot enable the Update Manager plug-in on the vSphere Client. The error message you receive is There was an error connecting to VMware vCenter Update Manager. Database temporarily unavailable or has network problems. Workaround: Ensure that the Update Manager database uses SQL Server authentication.

Old Update Manager plug-in is still enabled in the Plug-in Manager of vSphere Client 4.0 Update 1 After you upgrade vSphere Client and vCenter Server to version 4.0 Update 1, the earlier version of Update Manager is still enabled in the Plug-in Manager. For correct functionality, you must upgrade Update Manager to version 4.0 Update 1.

If the password for vCenter Server or the database server contains a semicolon, installation of Update Manager fails When you install the Update Manager server version 4.0 Update 1, if the password provided for authentication to vCenter Server or the database server contains a semicolon, the installation fails. Workaround: Change the vCenter Server or database server password to exclude the semicolon and run the installation again.

A minimum of 600MB of free space for Update Manager on the boot drive is required to install Update Manager Although Update Manager does not need to be installed on the boot drive, some required components must be installed on the boot drive. 600MB of space for Update Manager is required at installation time to accommodate these required components, as well as temporary files used during the installation. Workaround: Ensure at least 600MB of free space on the boot drive before installing Update Manager.

After installing Update Manager 4.0 Client plug-in you cannot enable Update Manager Client 1.0 or Update Manager Client 1.0 Update 1 on the same computer Update Manager Client 1.0 (or Update Manager Client 1.0 Update 1) might be represented as installed on the VI Client Plug-in Manager although you have not installed it in the following scenario:

Scanning, Staging, and Remediation

Host remediation might fail when a virtual machine is disconnected or its files are inaccessible from the hostHost patch remediation and host upgrade remediation of ESX/ESXi hosts from version 3.5 to 4.x or from version 4.0.x to 4.1 might fail when there is an inaccessible virtual machine on the host. For example, if the virtual machine is orphaned, disconnected, or inaccessible because its .vmx file cannot be accessed, or if the virtual machine files reside on a disconnected network storage, the remediation fails.
Workaround: Manually connect the virtual machine, connect the disconnected network storage, or remove the disconnected or inaccessible virtual machine from the inventory, and remediate again.

During an offline scan for patches of a Windows virtual machine, the operating system where Update Manager is installed might display an error messageDuring an offline scan of a Windows virtual machine for patches, the operating system on which the Update Manager server is installed might display an error message stating that the registry hive is corrupted. If the registry hive has not been correctly downloaded from the host, the Windows registry might not be able to mount it properly. Because Update Manager mounts the target virtual disk read-only with a REDO log, offline scanning does not change the state of the virtual machine. Workaround: Retry the offline scanning.

Virtual machine patch remediation might fail to completeAfter you install a patch on a virtual machine using Update Manager, the Windows guest operating system might fail to restart. Update Manager times out and the remediation is not completed. Workaround: Manually check the state of the guest operating system, restart it, and rescan.

Remediation might not complete if you delete upgrade releases during remediation Host upgrade remediation might not complete if you try to delete a host upgrade release during the remediation process. Update Manager does not guarantee correct behavior if an upgrade release is deleted during host upgrade remediation tasks that use the same upgrade release you try to delete.

Host remediation might not complete if the host contains powered on fault tolerant virtual machines Host remediation might not complete if there are any Primary virtual machines with disabled FT on the host, and you select Fail Task or Retry on the Host Remediation Options page of the Remediate wizard. In such a scenario, powered on Primary virtual machines with disabled FT cannot be powered off or migrated in a DRS cluster. The host cannot enter maintenance mode while there are powered on virtual machines on it, and the remediation cannot be completed.Workaround: When you remediate hosts containing Primary or Secondary virtual machines, you can use one of the following workarounds:

Select Power Off virtual machines and Retry or Suspend virtual machines and Retry on the Host Remediation Options page of the Remediate wizard.

Manually migrate the fault tolerant virtual machine to another host before you start a remediation.

If EVC is enabled on a DRS cluster, virtual machines with disabled FT can be automatically migrated when the host tries to enter maintenance mode. This is possible only if DRS is not disabled on the particular host.

Host remediation might fail when VMware DPM is using the Wake-on-LAN mechanismIf you configure Update Manager to disable VMware DPM on a cluster during remediation, and the cluster contains hosts in standby mode, Update Manager tries to power on the hosts before remediation. When VMware DPM is using the Wake-on-LAN mechanism to power on hosts in standby mode, if you try to disconnect any powered-on host in the cluster while the other hosts are powering on, the Exit Stand By Host operation might fail.
Workaround: Ensure that powered-on hosts in a cluster stay connected while the other hosts in standby mode are powering on.

Host remediation might fail, if vCenter Server does not properly update the power state of the hostWhen a host is powering on (exiting standby mode), the host power state might not get updated in vCenter Server and host remediation cannot finish or times out. When the power state of a host is not updated properly, in the vSphere Client inventory the host might be displayed as if it is in standby mode, but actually the host is powered on. Workaround: To remediate the host, remove the host from the inventory and add it again so that vCenter Server refreshes the power state of the host. Then start the remediation process.

Upgrade of VMware Tools might fail with error The operation is not supported on this object The upgrade failure might occur in clusters containing both ESX 3.x and ESX 4.x hosts, with DRS enabled in automatic mode. After completing the upgrade of VMware Tools, Update Manager first shuts down the guest operating system and then powers it on. DRS selects the best suited host, on which to power on the remediated virtual machine. If the selected host is running ESX 3.x, the post-scan test of the VMware Tools upgrade task results in error message VMware Tools upgrade was not performed on <VM name>. VMware Tools upgrade is supported only for VMs on ESX 4.0 hosts and higher. Workaround: Before you upgrade VMware Tools in a cluster with both ESX 3.x and ESX 4.x hosts, disable DRS or switch DRS to manual mode.

The Remediation Selection page might display an incorrect number of patches for the selected baselinesWhen you remediate a vSphere inventory object against a patch or extension baseline preselected in Compliance view, the initial page of the remediation wizard might show an incorrect number of patches that need to be remediated. In this case, when the inventory object has multiple attached patch and extension baselines, the number of patches corresponds to the number of compliant patches from all attached baselines, and not just from the selected baselines. Workaround: Either change the selection of baselines or groups in the Remediation Selection page, or first click Next to go to the next page and then click Back to return to the selection page.

When you scan an offline virtual machine, the state of the VMware Tools Upgrade to Match Host baseline might be displayed as Unknown When you scan an offline virtual machine with VMware Tools version corresponding to ESX 2.5.x against the VMware Tools Upgrade to Match Host baseline, the VMware Tools Upgrade to Match Host baseline state is Unknown. Workaround: Perform a scan when the virtual machine is powered on. Update Manager will display the correct compliance state.

Remediation tasks fail for some Microsoft products Update Manager does not remediate some Microsoft products. Details of these failures are logged in an event, and can be viewed using the vSphere Client.

Application of SP2 for Microsoft Content Management Server 2002 and SP2 for Internet Explorer 6 fails. You can only scan for them.

Application of some service packs to Exchange requires user intervention, and cannot be completed automatically.

Host upgrade scan and remediation might fail if there is not enough free space on the host Host upgrade scan and remediation might fail with the AgentInstallFailed error message. This error might result from insufficient free space on the ESX/ESXi host.
Workaround: To upgrade ESX/ESXi hosts, ensure you have at least 20MB free space in the /tmp directory of the host.

VMware Tools upgrade fails for virtual machines created on hosts of versions 2.5.x When you scan a virtual machine with the VMware Tools version corresponding to ESX 2.5.x against a VMware Tools Upgrade to Match Host baseline, the VMware Tools Upgrade to Match Host baseline state is Non-Compliant. Although the state is Non-Compliant, the VMware Tools upgrade fails with a VM Tools installed in the VM doesn't support automatic upgrade error message. Automatic upgrade for VMware Tools is supported only for virtual machines created on hosts running versions ESX 3.0.x, ESX 3.5 or later, and ESX 3i version 3.5 or later. Workaround: Upgrade VMware Tools manually by right-clicking the virtual machine in the inventory and selecting Guest > Install/Upgrade VMware Tools.

Patch remediation might fail when you upgrade the virtual hardware and apply patches at the same time When you remediate a Windows 2000 Professional SP4 virtual machine with virtual hardware version 3 against a baseline group containing the VM Hardware Upgrade to Match Host baseline and patch baselines, the patch remediation might fail. After upgrading the virtual hardware, Update Manager powers the virtual machine on and displays a System Settings Change dialog box asking you to restart the system. If you do not click Yes, the machine does not restart, causing a stop of the remediation process. Patch remediation fails, because the process times out. The error message you receive is: VMware vCenter Update Manager Guest Agent failed to respond in time on <virtual_machine_name>. Please check if the VM is powered on and Guest Agent is running.Workaround: Click Yes in the System Settings Change dialog box to restart the virtual machine.

Host remediation might fail for some patches because of irresolvable conflict with the patches on the host Patch remediation of a host might fail when a patch (for example, patch A) in a baseline input conflicts with the host and the conflict cannot be resolved by the other patches in the baseline input. Workaround: The Patch Details window for patch A displays a recommendation to use another patch to resolve the conflict. The recommendation might also contain many patches. Including one or all of the recommended patches into the baseline might resolve the conflict. For more information, refer to the KB article associated with patch A and the recommended patches.

You must not use a shared datastore for ESX host upgrade remediation When you remediate a cluster or folder of ESX hosts against an upgrade baseline, in the Remediation wizard you can specify the VMDK location to which to migrate the COS of the ESX host. You should use a local datastore, not a specific datastore, which is shared by the hosts.
Workaround: If the ESX hosts you want to upgrade have local storage, you can successfully upgrade them individually by selecting to use a local datastore.

ESX host upgrade remediation fails for diskless hosts When you remediate ESX hosts against an upgrade baseline, in the Remediation wizard you can specify the VMDK location to which to migrate the COS of the ESX host. If you want to perform the remediation at a cluster or folder level, VMware recommends that you use a local datastore. It is not recommended to use a datastore shared within many hosts, because the upgrade fails for the diskless hosts in the container object. Workaround: Upgrade the diskless ESX hosts individually. In such a case you can select a specific network datastore as long as it is not shared with other hosts.

Timezone patches 931836 and 933360 are displayed as missing, although they are not applicable Timezone patches 931836 and 933360 are obsolete patches, which were recalled shortly after the Update Manager 1.0 Update 2 release and are no longer available for downloading. Shavlik provides the functionality to check if you have these patches installed on your virtual machines. If they are installed on a virtual machine, Update Manager reports the patches as Installed. Otherwise, the patches are reported as Missing, although they should be marked as Not Applicable. Patch 931836 is superseded by patch 933360, which is superseded by patch 942763, and patch 942763 is superseded by 951072. If patch 951072 is installed, then the other patches are not needed.
Workaround: To obtain the correct compliance state for a virtual machine, remove the above mentioned patches from the patch baseline defined in your environment and perform the scan again.

Internationalization Issues

Inconsistent remediation error message might appear when in German operating system locale the vSphere Client locale is switched to English In German operating system locale, when you do a locale forcing to change the vSphere Client user interface and related messages into English, an error message might be wrong. The error message is related to the remediation of Linux virtual machines. The wrong error message No entities for this operation might appear, when the correct message is Operation on the inventory object is not supported.

When you double-click VMware vCenter Update Manager.msi, the hint message is not localized When you extract to a local folder all components, required for the installation of Update Manager, either from a .zip file or an .iso image, you can run the VMware vCenter Update Manager.msi application by double-clicking it. When you run the application, the hint pop-up displays the message The installer should be started using VMware-UpdateManager.exe. The message is in English and not localized.

When you double-click VMware vCenter Update Manager Download Service.msi, the hint message is not localized When you extract to a separate folder all components, required for the installation of UMDS, either from a .zip file or an .iso image, you can run the VMware vCenter Update Manager Download Service.msi application by double-clicking it. When you run the application, the hint pop-up displays the message The installer should be started using VMware vCenter Update Manager Download Service.msi. The message is in English and not localized.

You cannot install Update Manager and download patches to directories with non-ASCII characters in their namesIn the installation wizard of Update Manager, you can change the installation and patch download locations of the Update Manager. Changing the installation and patch download locations to folders containing non-ASCII characters in their names might result in errors. Only ASCII characters are supported in installation paths and user names. However, non-ASCII characters are supported in passwords.

You cannot install Update Manager in Simplified Chinese language on Japanese operating systems
If you select Simplified Chinese as the installation language on a Japanese operating system, an error 1158 appears and the installation fails. You can select Japanese, German, or English as the installation language on a Japanese operation system.

Virtual machine patch remediation might fail if a localized version of the patch is not available When you apply patches to a localized guest operating system, the remediation process might fail if a patch for the specific locale has not been released by the vendor. Update Manager reports the error: Failed to install patch <patch_name>. Workaround: Contact the patch vendor for localization-specific information.

Remediation might fail for some localized patches for Windows Due to patch installer issues, Update Manager might fail to install some localized patches for Windows with error code 1618 - another installation is already in progress.
Workaround: Retry the remediation operation.

Update Manager online help might fail to open on some localized Windows systems If you install Update Manager on a Windows operating system different from English, Deutsch, Japanese, and Simplified Chinese, you cannot open the Update Manager Online Help from the Help menu. In addition, if you click other links or buttons for Help within the Update Manager Client, the following error message appears: Missing help file.
Workaround: Navigate to the Update Manager help directory (the default folder is C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Plugins\Update Manager 4.0\Help\en\) and double-click index.html, or copy the Update Manager online help files from C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Plugins\Update Manager 4.0\Help\en\
toC:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Plugins\Update Manager 4.0\Help\. Have in mind that copying the files up one level is not always recommended.

Two security vulnerabilities are reported for the Jetty Web server version 6.1.6:

CVE-2009-1523 (http://jira.codehaus.org/browse/JETTY-1004) identifies a directory traversal vulnerability. It allows for obtaining files from the system where Update Manager is installed by a remote, unauthenticated attacker. For an attack to be successful, the attacker would need to be on the same network as the system where Update Manager is installed.

CVE-2009-1524 (http://jira.codehaus.org/browse/JETTY-980) identifies is a cross-site scripting vulnerability. It allows for running JavaScript in the browser of the user who clicks a URL containing a malicious request to Update Manager. For an attack to be successful the attacker would need to lure the user into clicking the malicious URL.

The warning message about the free space on the machine on which you are installing Update Manager contains an incorrect linkWhen you install Update Manager on a machine with less than 20GB free space, the installer displays a message that the minimum recommended free space is 20GB. The warning message provides an incorrect link to the Update Manager 4.1 sizing estimator. The correct link to the sizing estimator for Update Manager 4.1 is http://www.vmware.com/support/vsphere4/doc/vsp_vum_41_sizing_estimator.xls.

Invalid email addresses in the email notification settings prevent Update Manager from sending email messagesIn the patch and notification download schedules, you can configure Update Manager to send emails when new patches or notifications are downloaded. If you enter invalid email addresses, Update Manager might not send emails. If you enter an invalid email address with the same domain name as the SMTP Server sender account in vCenter Server mail sender setting, Update Manager does not deliver emails to any of the email addresses (including the valid ones). If the domain name of the invalid email addresses is different from the SMTP Server sender account in vCenter Server mail sender setting, email notifications can be successfully delivered to the valid email addresses entered in the Update Manager email notification settings. Workaround: Remove the invalid email addresses from the email notification settings.

Update Manager might not restore the original power state of fault tolerant virtual machines after remediationWhen you remediate a fault tolerant virtual machine that is in suspended or powered-off state, the machine might remain powered-on after the remediation is completed. Workaround: Manually suspend or power off the virtual machine after remediation.

The import of an offline bundle might fail if multiple Java processes are runningWhen you try to import an offline bundle and two or more Java processes are running, you might receive the error message Failed to login. Error was: A web exception has occurred during file upload. This error occurs in a system where vCenter Server and the Update Manager server are installed on the same machine. Workaround: Restart the machine and retry the operation to import an offline bundle.

In large environments, the Update Manager Client plug-in might temporarily lose connection to the Update Manager serverVMware Tools operations, such as scanning for the VMware Tools version and upgrading VMware Tools, use the same system resources as the Update Manager Client plug-in. If you run many VMware Tools operations at the same time, the Update Manager Client plug-in might disconnect from the Update Manager server. This issue does not occur with other operations such as host and virtual machine patching, host upgrade, or virtual appliance upgrade. Workaround: Do not try to perform many VMware Tools operations at the same time. If you must perform many VMware Tools operations at the same time, increase the thread count on the server. You can also wait for the VMware Tools operations to complete. The VMware Tools operations are displayed as tasks in the vSphere Client, although the Update Manager plug-in might be nonresponsive.

In Windows Vista, all Help buttons in the Update Manager Client open the default Update Manager help pageIf you are using Internet Explorer 7 browsers installed on Windows Vista machines, the vCenter Update Manager context-sensitive help does not display the required help pages. Instead, the help displays the default vCenter Update Manager help page. Workaround: Apply Service Pack 2 to Windows Vista. For more details, see the following Microsoft knowledge base article http://support.microsoft.com/kb/942172.

Notification emails might be blocked by antivirus softwareYou might not receive any email notifications from Update Manager if you have certain antivirus software installed on your vCenter Server system. Update Manager can be configured to send email notifications, such as notifications for newly downloaded patches and other scheduled tasks. If you have installed antivirus software (for example, McAfee) that monitors and blocks email traffic, you might not be able to receive the notifications from Update Manager. Workaround: Disable the antivirus software rule that blocks the email traffic.

Powered-off virtual machines are not migrated to other hosts in a DRS enabled clusterUpdate Manager puts hosts into maintenance mode during remediation but it does not migrate powered-off virtual machines to other hosts in a DRS enabled cluster. Workaround: Manually put the host into maintenance mode before remediation and select the option to migrate the powered-off virtual machines.

ESX 4.0 hosts might lose network connectivity after remediation, if the VMkernel is configured to use DHCPWhen Update Manager patches ESX hosts, the patches might require host reboot. After rebooting, vCenter Server might be unable to add the ESX host to the vSphere inventory if the VMkernel of the host is configured to use DHCP. Workaround: Configure the VMkernel of the host to use a static IP address or install patch ESX400-200906402-BG, which fixes the ESX 4.0 issues. You can find patch ESX400-200906402-BG in the ESX400-200906001.zip bundle.

Switching between Compliance view and Administration view might navigate you to the wrong location When you select a datacenter object in the VMs and Templates inventory view of the vSphere Client and use the Admin view and Compliance view quick links to navigate to the Update Manager Administration view and the Update Manager Compliance view, you might go to the wrong vSphere Client view. For example, select Home > Inventory > VMs and Templates in the navigation bar. Select a datacenter object in the inventory and click the Update Manager tab to open the Update Manager Compliance view. When you click Admin view and then go back by clicking the Compliance view link, you navigate to the Host and Clusters inventory view instead of the VMs and Templates view.
Workaround: Manually navigate from the Hosts and Clusters inventory view to the VMs and Templates view by selecting Home > Inventory > VMs and Templates in the navigation bar.

When you create a baseline you might receive an error message When you create a baseline and click Finish in the New Baseline wizard, a connection time-out error might occur because of insufficient memory on the machine on which the Update Manager server is installed.
Workaround: Increase the memory on the machine on which the Update Manager server is installed.

Cluster remediation options report is not generated if the cluster is under remediationIf you try to generate a cluster remediation options report while the cluster is being remediated, the report will be generated and displayed only after the remediation is completed.

Update Manager does not take snapshots of virtual machines on which FT is turned on before remediationYou cannot take snapshots of virtual machines on which FT is enabled. If you remediate a virtual machine on which FT is turned on and in the Remediate wizard choose to take a snapshot before remediation, Update Manager ignores this setting and does not take a snapshot of the virtual machine. Workaround: Disable FT, configure Update Manager to take a snapshot of the virtual machine, and remediate the machine. If you want to turn on FT after the remediation, delete the snapshot and then enable FT.

Virtual machine hardware upgrade or VMware Tools upgrade might fail with error fault.com. - vmware.vc - Integrity.V - MToolsRemediationFault.summary The upgrade failure might occur on virtual machines migrated with vMotion from ESX 3.0.x hosts to ESX 4.0.x hosts. In this situation, the guest ID property of the virtual machine is unset, but a new ID is not assigned. Update Manager attempts to read the guest ID during VMware Tools upgrade, and the task fails. The same issue might occur on virtual machines that are reverted to a snapshot, or resumed from suspended state on ESX 4.0.x hosts. Workaround: First manually upgrade VMware Tools, and then upgrade the virtual hardware of the virtual machine.

When multiple users attempt to create a baseline with the same name simultaneously, Update Manager displays an ambiguous error message When multiple users attempt to create a baseline with the same name simultaneously, Update Manager displays the message The specified key, name, or identifier already exists. The message does not inform you explicitly that another user is attempting to create a baseline with the same name.

The vSphere Client might display the error message Exception has been thrown by the target of an invocation When an Old Version of Update Manager Is InstalledWhen you connect the vSphere Client to a vCenter Server 4.0.x instance, with a registered old version of the Update Manager server, the vSphere Client displays the error message Exception has been thrown by the target of an invocation. Workaround: Either first upgrade the Update Manager server to version 4.0.x and then reinstall the Update Manager plug-in from the vSphere Client Plug-in Manager, or uninstall the legacy versions of the Update Manager server and plug-in.

Update Manager fails to install and upgrade the Cisco Nexus 1000V VEM, if the ESX host is running on an IPv6 networking stack When an ESX host is added to a Cisco Nexus 1000V DVS, Update Manager installs the Cisco Nexus 1000V VEM on the host. Upgrading the Cisco Nexus 1000V VSM to the latest version invokes Update Manager to upgrade the VEM on the host attached to the DVS. Both the installation and the upgrade operations might fail if the host is running on an IPv6 networking stack. Workaround: Install or upgrade the VEM on the host manually, by using the offline bundle.

During VMware Tools upgrade you might see a misleading error message in Recent Tasks pane When you perform a VMware Tools upgrade of a virtual machine, you might see a misleading error message Cannot complete operation because VMware Tools is not running in this VM even though the remediation is successful.

Scheduling a remediation task generates a set of tasks When you schedule a remediation task, several active tasks appear in the Recent Tasks pane. One of these tasks is Remediate Entity. This task appears when you create a new remediation task and is not an actual remediation task in which the objects are remediated. The Remediate Entity task creates sub-tasks for the scheduled remediation based on your input in the Remediate wizard.

Administration view and Compliance view quick-switch links might not work properly if your environment is in linked mode If your vCenter Server system is part of a connected group in vCenter Linked Mode and you have an Update Manager instance registered with each vCenter Server system, the Admin view and Compliance view navigation links might not work properly. For example, consider a scenario in which Update Manager instance 1 is registered with vCenter Server system 1 and Update Manager instance 2 is registered with vCenter Server system 2. When you select an object managed by vCenter Server system 1, click the Update Manager tab, and then click Admin view in the upper-right corner, you see the Administrator's view of Update Manager instance 1. When you click Compliance view, select an object from the inventory managed by vCenter Server 2, and click Admin view in the upper-right corner, you see the Administration view of Update Manager instance 1 again.
Workaround: Click Compliance view and then click Admin view again to see the Administration view of the second Update Manager instance.

When you perform a VMware Tools upgrade you might see a misleading error message
When you perform a VMware Tools upgrade of a virtual machine with insufficient free space, the remediation fails because of the lack of space with a wrong error message The VMware Tools operation was canceled.

Conflicting patches are counted in the remediation wizard
After you scan a selected object against a patch baseline, you might see a number of conflicting patches in the Patch Baselines window. When you try to remediate the selected object, the conflicting patches are counted in the Remediation wizard as patches that are going to be installed on the object, but only some or none of the conflicting patches are installed during the remediation process.

Update Manager Service might fill the \Temp directory with many system temporary files You might see many files with names like ufa{*}.tmp and ufa{*}.tmp.LOG{*} in the Windows \Temp directory (the default location is C:\WINDOWS\Temp).

ufa{*}.tmp files – These files are created when the Update Manager service becomes unavailable in the middle of an offline virtual machine scan. To delete the ufa{*}.tmp files (for example, to delete a ufa729F.tmp file):

Select Start > Run.

In the Run window enter regedit.

In Registry Editor, navigate to the My Computer\HKEY_LOCAL_MACHINE folder and select the ufa729F.tmp file.

Select File > Unload Hive.

Open a Command Prompt window.

Navigate to C:\ and run the following command: del C:\Windows\Temp\ufa729F.tmp

ufa{*}.tmp.LOG{*} files – These files are Windows transaction log files for registry operations. They can be generated as a result of Windows logging registry transactions, and are removed after use. ufa{*}.tmp.LOG{*} files are like any other Windows temporary files and can be deleted as a part of a Windows Disk Cleanup task.
To delete the ufa{*}.tmp.LOG{*} files (for example, to delete a ufaFF50.tmp.LOG2 file):

Open a Command Prompt window.

Navigate to C:\ and run the following command: del C:\Windows\Temp\ufaFF50.tmp.LOG2

Update Manager Documentation

Misleading information on remediation of hosts in a clusterIn section Remediation of Hosts in a Cluster in the vCenter Update Manager Installation and Administration guide, it is stated that if a host in a cluster runs a virtual machine on which Update Manager or vCenter Server is installed, the remediation fails for the host. Note that if you start the remediation process in a DRS enabled cluster, DRS first attempts to migrate the virtual machine running vCenter Server or Update Manager to another host, so that the remediation succeeds. In case that the virtual machine cannot be migrated to another host, the remediation fails.